Controlling malicious sources at internet gateways

An algorithm known as XCHOKe is presented to control flows from malicious sources (MS). The per-packet computation is small with no floating-point operations. The attempt is to prevent a sustained attack of non-adaptive flows at Internet Gateways at the cost of denying the adaptive flows their fair share of bandwidth.